PaulDotCom mailing list archives

A couple of security avoidance techniques


From: Jon Creasey <jon-pauldotcom () torturedjellybaby co uk>
Date: Mon, 04 Oct 2010 20:14:08 +0100

Pauldotcom Collective,

While carrying out some security examination for a client I have come
across two methods they use for secondary validation. The premise is
that if you are on a trusted network the encryption and lockdown
software will relax slightly (still full disk encryption and MAC based
authentication).

However, the secondary method used is either a ping to a host of
intranet.corp.bob or a ping to specific IPs that are embedded in the
security client, i.e. if 10.10.10.10 doesn't respond you aren't on our
network.

What I'm therefore looking for, to prove this is as much use as a
chocolate fireguard, is a way of spoofing all DNS requests to *.bob to
return an IP address under my control that can be set to respond to ICMP,
and also some sort of way of responding to any ping request with a yes
even if it's not pingable in reality.

Over to the collective.

Jon


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com